- Past fines include €4 million for Kraken and €2.85 million for Crypto.com.
- OKX was also fined €1.1 million in Malta in April 2025.
- As part of a $504 million U.S. settlement, OKX will remain under supervision until 2027.
The Dutch central bank’s decision to fine OKX €2.25 million is not only a warning about regulatory oversight but also reflects a broader, retrospective approach by European authorities to compliance.
The penalty targets services provided without registration between July 2023 and August 2024, a period before the Markets in Crypto-Assets (MiCA) rules took effect.
By pursuing past activity, regulators are making clear that crypto exchanges will be held accountable for legacy practices regardless of whether they are currently licensed under the new European framework.
Past conduct remains under scrutiny
Since 2020, the Netherlands has required crypto service providers to register under anti-money laundering rules.
During the period in question, OKX operated without the necessary approval and was found to be in breach. De Nederlandsche Bank (DNB) said such violations are “unacceptable.”
The Netherlands has taken similar enforcement actions against other major exchanges.
Kraken paid €4 million and Crypto.com €2.85 million for offering unregistered services.
These penalties, including OKX’s latest fine, have been applied retrospectively and show that as the industry adapts to the new framework, regulators are not overlooking past violations.
Global fines highlight compliance gaps
OKX has faced penalties in multiple jurisdictions. In April 2025, its European arm was fined €1.1 million in Malta for anti-money laundering deficiencies identified two years earlier.
The firm later overhauled its compliance processes and secured MiCA authorization.
Earlier in 2025, OKX agreed to a $504 million settlement in the United States.
As part of that settlement, OKX acknowledged operating as an unlicensed money transmitter and processing illicit transactions.
The U.S. agreement requires OKX to operate under heightened supervision through 2027, including the appointment of an independent compliance consultant.
These sanctions point to a consistent pattern: regulators are demanding up-to-date compliance while digging into historical shortcomings.
For exchanges, this means penalties can arrive years after an initial breach, extending uncertainty over a long period.
Netherlands case treated as a “legacy issue”
Legally known as Aux Cayes Fintech Co., OKX characterized the Dutch lawsuit as a “legacy issue,” saying it had already addressed the underlying problems.
Dutch customers were migrated to the European entity that holds a MiCA license, and the company emphasized there was no impact on clients.
DNB’s fine was lower than some other penalties because regulators acknowledged OKX’s cooperation.
Nevertheless, the action reinforces the broader trend that exchanges cannot comply with today’s rules while ignoring yesterday’s operations.
An era of enforcement under MiCA
The timing of the Dutch action is significant. MiCA is now operating across Europe, requiring exchanges to register, meet reporting obligations, and pass stricter anti-money-laundering checks.
While firms like OKX have secured licenses, regulators continue to pursue earlier breaches.
This signals the end of the “operate first, register later” era: exchanges are learning that legacy operations carry risk long after new rules are introduced.
The Dutch approach suggests other European authorities may follow suit, enforcing current rules while revisiting past activity as they tighten oversight across the region.